Social Engineering Flashcards Preview

CompTia A+ Software Part 2 > Social Engineering > Flashcards

Flashcards in Social Engineering Deck (7):
1

You're a security consultant an organization has hired you to review the security measures. They are chiefly concerned that they could become the victim of a social engineering attack. What should you recommend they do to mitigate the risk?

– Establish a written security policy
– Train managers to monitor user activity
– Teach users how to recognize and respond to social engineering attacks
– Implement a border firewall filter inbound network traffic

Teach users how to recognize and respond to social engineering attacks

2

Which of the following are examples of social engineering? (Select two)

-Shoulder surfing
-Port scanning
-War dialing
-Dumpster diving

Shoulder surfing
Dumpster diving

3

Which is the best countermeasures against social engineering

-Strong passwords
-Acceptable use policy
-User awareness training
-Access auditing

User awareness training

4

An intruder waits near an organization secure entrance until an employee approached the entrance and unlocks it with the security badge. The intruder falls in line behind the employee, who assumes the intruder is another employee and holds the door open for her. What kind of a attack just occurred?

-smurf
-tailgating
-denial of service
-phising

tailgating

5

Several users have forwarded you an email stating that your company health insurance provider has just launched a new website for all employees. To access the site they are told to email to click a link and provide their personal information. Upon investigation, you discover that your companies health insurance provider did not send this email. What kind of attack just occurred?

– Denial service
– Phising
– Piggybacking
– Smurft

Phising

6

Which of the following are common forms of social engineering attack?

– Hoax virus information emails
– Distributing false information about your organizations financial status
– Stealing the key card of the employee and using that to enter secured building
– Using a sniffer to capture network traffic

Hoax virus information emails

7

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or login credentials, through email or websites that impersonate in online entity that the victim trust, such as financial situations or well known e-commerce sites?

– Session hijacking
– Phising
– Fraggle Attack
– Social engineering

Phising